I'm trying to decrypt SSL traffic in Wireshark, and it partially works because I'm able to view the decrypted headers. The problem is that I don't see any of the packet contents, only their headers. Is there an explanation for this behaviour?

and then to decrypt the private key to a PKCS#8 format, which Wireshark supposedly supports, we issued this command:
openssl pkcs8 -nocrypt -in *.key -inform DER -out *.key -outform PEM

In Wireshark we issued the following parameters in SSL decryption section:
10.10.10.10,443,http,*.key - where 10.10.10.10 is the client we're trying to MITM using sslsniff. We have also tried localhost and the server's IP with no success. Any suggestions?

3 Answers

The SSL connection was probably using Diffie-Hellman to establish the session key. DH allows two parties to establish a shared secret over an insecure channel with no prior communication. This means that even though you have the private key, you can't determine the session key by inspecting the traffic. To decode a DH session you have to actively MITM the connection, or get one of the parties to log the session key.
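To make the answer concrete, here is an added example (not from the answerer, and not Wireshark code) that sketches the DHE part of a TLS 1.2 handshake: it derives the master secret on both sides with the RFC 5246 PRF and emits the key-log line Wireshark can consume. The DH group is a constructed toy (2^127 - 1, generator 2) and the server's RSA signature over the ServerKeyExchange is not modelled; the point is that nothing a sniffer captures on the wire contains either ephemeral exponent, so the server's private key cannot yield the premaster secret.

```python
import hashlib
import hmac
import secrets

# Constructed toy DH group (the Mersenne prime 2^127 - 1, generator 2): far too small
# for real use, chosen only so the arithmetic is readable. Real TLS uses 2048-bit+ groups.
P = (1 << 127) - 1
G = 2


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5) instantiated with P_SHA256."""
    a = label + seed            # A(0)
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + label + seed, hashlib.sha256).digest()
    return out[:length]


def dh_to_premaster(z: int) -> bytes:
    """DH shared value -> premaster secret: big-endian bytes, leading zero bytes
    stripped (RFC 5246 section 8.1.2)."""
    return z.to_bytes((z.bit_length() + 7) // 8, "big")


def dhe_handshake(client_random: bytes, server_random: bytes, x: int, y: int):
    """Simulate the DHE key exchange of a TLS 1.2 handshake.

    x is the server's ephemeral exponent, y the client's. Returns the values a
    passive sniffer sees on the wire plus each side's independently derived
    master secret. Neither exponent ever leaves its host.
    """
    server_pub = pow(G, x, P)   # ServerKeyExchange (signed with the server's RSA key, not modelled)
    client_pub = pow(G, y, P)   # ClientKeyExchange
    on_the_wire = {
        "client_random": client_random,
        "server_random": server_random,
        "p": P, "g": G,
        "server_pub": server_pub,
        "client_pub": client_pub,
    }
    seed = client_random + server_random
    # Each side combines ITS OWN exponent with the peer's public value.
    ms_client = tls12_prf(dh_to_premaster(pow(server_pub, y, P)), b"master secret", seed, 48)
    ms_server = tls12_prf(dh_to_premaster(pow(client_pub, x, P)), b"master secret", seed, 48)
    return on_the_wire, ms_client, ms_server


def keylog_line(client_random: bytes, master_secret: bytes) -> str:
    """One line in the NSS key log format that Wireshark reads from its
    '(Pre)-Master-Secret log filename' preference (tls.keylog_file)."""
    return f"CLIENT_RANDOM {client_random.hex()} {master_secret.hex()}"


if __name__ == "__main__":
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    wire, ms_c, ms_s = dhe_handshake(cr, sr, x, y)
    assert ms_c == ms_s
    print("sniffer sees:", sorted(wire))   # no exponent, no premaster, no master secret
    print(keylog_line(cr, ms_c))           # what an endpoint must log for Wireshark
```

In practice the logging side of this is what the answer's last sentence points at: Firefox and Chrome write exactly these CLIENT_RANDOM lines to the file named by the SSLKEYLOGFILE environment variable, and pointing Wireshark's key log preference at that file decrypts the session whatever key exchange was negotiated, with no server private key involved.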